-
Type:
Bug
-
Resolution: Done
-
Priority:
Major - P3
-
None
-
Affects Version/s: 2.6.1
-
Component/s: Networking
-
None
-
ALL
-
None
-
3
-
None
-
None
-
None
-
None
-
None
-
None
I have a three node replica set with SSL enabled. The third server is not able to connect to the other servers with the following error - SSL: error:140D00CF:SSL routines:SSL_write:protocol is shutdown. I have verified that the keyfile and certificate are both fine.
If I try to connect from the mongodb command line to the other servers in the replica set it works fine - so it doesn't appear to a networking issue. Full logs are below. I have a live repro if you are interested.
2014-09-23T21:38:03.452+0000 [initandlisten] MongoDB starting : pid=25105 port=27017 dbpath=/mongodb_data 64-bit host=atlgnax2z010.teknas.com
2014-09-23T21:38:03.453+0000 [initandlisten]
2014-09-23T21:38:03.453+0000 [initandlisten] ** WARNING: /proc/sys/vm/zone_reclaim_mode is 1
2014-09-23T21:38:03.453+0000 [initandlisten] ** We suggest setting it to 0
2014-09-23T21:38:03.453+0000 [initandlisten] ** http://www.kernel.org/doc/Documentation/sysctl/vm.txt
2014-09-23T21:38:03.453+0000 [initandlisten] db version v2.6.1
2014-09-23T21:38:03.453+0000 [initandlisten] git version: 4b95b086d2374bdcfcdf2249272fb552c9c726e8
2014-09-23T21:38:03.453+0000 [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
2014-09-23T21:38:03.453+0000 [initandlisten] build info: Linux SG-mongo261build-2712 2.6.32-358.6.2.el6.x86_64 #1 SMP Thu May 16 20:59:36 UTC 2013 x86_64 BOOST_LIB_VERSION=1_49
2014-09-23T21:38:03.453+0000 [initandlisten] allocator: tcmalloc
2014-09-23T21:38:03.453+0000 [initandlisten] options: { config: "/etc/mongod.conf", net: { ssl: { PEMKeyFile: "/etc/ssl/mongodb.pem", mode: "requireSSL" } }, processManagement: { fork: true, pidFilePath: "/var/run/mongodb/mongod.pid" }, replication: { replSet: "RS-Teknas-0" }, security: { authorization: "enabled", keyFile: "/var/lib/mongo/rskey" }, storage: { dbPath: "/mongodb_data" }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } }
2014-09-23T21:38:03.481+0000 [initandlisten] exception in initAndListen: 10310 Unable to lock file: /mongodb_data/mongod.lock. Is a mongod instance already running?, terminating
2014-09-23T21:38:03.481+0000 [initandlisten] dbexit:
2014-09-23T21:38:03.481+0000 [initandlisten] shutdown: going to close listening sockets...
2014-09-23T21:38:03.481+0000 [initandlisten] shutdown: going to flush diaglog...
2014-09-23T21:38:03.481+0000 [initandlisten] shutdown: going to close sockets...
2014-09-23T21:38:03.481+0000 [initandlisten] shutdown: waiting for fs preallocator...
2014-09-23T21:38:03.481+0000 [initandlisten] shutdown: lock for final commit...
2014-09-23T21:38:03.481+0000 [initandlisten] shutdown: final commit...
2014-09-23T21:38:03.481+0000 [initandlisten] shutdown: closing all files...
2014-09-23T21:38:03.481+0000 [initandlisten] closeAllFiles() finished
2014-09-23T21:38:03.481+0000 [initandlisten] dbexit: really exiting now
2014-09-23T21:38:03.620+0000 [rsStart] replSet REMOVED
2014-09-23T21:38:03.620+0000 [rsStart] replSet info self not present in the repl set configuration:
2014-09-23T21:38:03.620+0000 [conn4] end connection 54.236.119.235:42213 (1 connection now open)
2014-09-23T21:38:03.620+0000 [conn2] end connection 54.236.119.236:49729 (1 connection now open)
2014-09-23T21:38:03.620+0000 [rsStart] { _id: "RS-Teknas-0", version: 1, members: [ { _id: 0, host: "SG-Teknas-3431.servers.mongodirector.com:27017" }, { _id: 1, host: "SG-Teknas-3432.servers.mongodirector.com:27017" }, { _id: 5, host: "SG-Teknas-3436.servers.mongodirector.com:27017" } ] }
2014-09-23T21:38:03.620+0000 [rsStart] trying to contact SG-Teknas-3431.servers.mongodirector.com:27017
2014-09-23T21:38:03.620+0000 [rsStart] ERROR: SSL: error:140D00CF:SSL routines:SSL_write:protocol is shutdown
2014-09-23T21:38:03.621+0000 [rsStart] trying to contact SG-Teknas-3432.servers.mongodirector.com:27017
2014-09-23T21:38:04.440+0000 [initandlisten] connection accepted from 54.236.119.236:49730 #5 (1 connection now open)